Critical Splunk RCE, AI Export Controls, and Phishing Takedowns Dominate Cybersecurity Landscape
Summary
This period saw a flurry of critical security events, highlighted by a 9.8 CVSS vulnerability in Splunk Enterprise enabling unauthenticated RCE. In policy news, the U.S. government ordered Anthropic to restrict foreign access to its advanced AI models over national security fears. Meanwhile, law enforcement made a significant impact by disrupting 'Outsider Enterprise,' a massive China-based Phishing-as-a-Service operation. Other key developments include npm's move to bolster supply chain security, an actively exploited zero-day in Google Chrome, and a major supply chain attack on the Arch Linux AUR.
Today's New Articles
Splunk Scrambles to Patch Critical 9.8 CVSS Flaw Allowing Unauthenticated RCE
Splunk has issued an emergency patch for a critical vulnerability, CVE-2026-20253, affecting Splunk Enterprise. The flaw, with a CVSS score of 9.8, resides in an insecure PostgreSQL sidecar service endpoint, allowing unauthenticated attackers to perform arbitr...
FBI and Google Disrupt Massive Chinese Phishing-as-a-Service Operation
In a major international law enforcement action, the FBI, in collaboration with Google and Lumen's Black Lotus Labs, has disrupted a prolific China-based Phishing-as-a-Service (PhaaS) network known as 'Outsider Enterprise'. Dubbed 'Operation Ghost Hook', the t...
Ukraine Strikes Key Russian Industrial Plant in Crimea, Targeting War Supply Chain
Ukrainian forces have reportedly conducted a strike against the Crimea Titan plant in Armyansk, Crimea, during the night of June 13, 2026. The plant is a significant producer of titanium dioxide and other chemicals crucial for Russia's military-industrial comp...
Philippine Government Websites Hacked, Prompting Nationwide Cybersecurity Review
The official websites of the Philippine Senate and the House of Representatives were defaced in two separate cyberattacks this week. The incidents, with the House website being hit on Saturday, June 14, 2026, have prompted the Philippine National Police (PNP)...
New Phishing Wave Uses Fake Browser Windows to Target Microsoft 365 Users
Security researchers from Palo Alto Networks Unit 42 are warning of a new wave of sophisticated phishing attacks targeting Microsoft 365 users with the Browser-in-the-Browser (BitB) technique. These campaigns use meticulously crafted fake login popups that per...
Article Updates
Microsoft Pushes Mandatory Secure Boot Update as 2011 Certificates Expire
Update: Microsoft has begun the widespread rollout of the Secure Boot 2023 certificate update for Windows 10 and 11 systems as part of the June 2026 Patch Tuesday, identified as KB5094126. This deployment is critical as the original 2011 Secure Boot certificates are s...
npm Ecosystem Under Siege as Shai-Hulud Successors Weaponize CI/CD Pipelines
Update: GitHub has announced a critical security update for the npm ecosystem. The upcoming npm version 12, expected in July, will no longer automatically execute 'preinstall', 'install', and 'postinstall' scripts from dependencies. This change directly addresses the...
Google Patches Fifth Actively Exploited Chrome Zero-Day of 2026
Update: The latest Chrome update, version 149, addresses a total of 28 vulnerabilities, significantly expanding beyond the previously reported CVE-2026-11645. Google has now confirmed that CVE-2026-11645 is being actively exploited via 'drive-by compromise' attacks, w...
DHS Cyber Modernization Efforts Face Hurdles, GAO Report Finds
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is experiencing critical staffing shortages, having lost approximately one-third of its personnel due to workforce reductions mandated by the Department of Government Efficiency (DOGE) over a yea...
Pro-Iranian Group 'Handala' Claims 'Warning' Attack on California Water Systems
Update: California Water Service (Cal Water) and independent analysis by Dataminr have confirmed that the Handala cyberattack was limited to non-critical IT systems, including a GPS server and customer billing database. Crucially, there was no impact on water producti...
'Atomic Arch' Supply Chain Attack Hijacks Orphaned Linux Packages to Target Developers
Update: The 'Atomic Arch' supply chain attack targeting Arch Linux AUR packages has escalated significantly, with reports now indicating over 400 packages have been compromised. This is a substantial increase from the previously reported 20+ packages. The attack conti...